On 12/31/2010 03:18 AM, Ricardo Mones wrote:
That seems fine, and is the default configuration, but you referred to a
"Debian CAcert root certificate", which is not among these (there's a
debconf one and a SPI one, but no certificate called "Debian" exists).
Sorry, I haven't understood. I'm talking about CAcert. It is free
certificate authority, and their root certificate comes in o
ca-certificates. And have my server, with certificate signed by CAcert.
% openssl x509 -text -in /etc/ssl/certs/cacert.org.pem
...
Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing
Authority/emailaddress=supp...@cacert.org
Validity
Not Before: Mar 30 12:29:49 2003 GMT
Not After : Mar 29 12:29:49 2033 GMT
Subject: O=Root CA, OU=http://www.cacert.org, CN=CA Cert
Signing Authority/emailaddress=supp...@cacert.org
...
I'm absolutely sure that this is claws-mail bug, because all other
programs works well. (mutt, icedove, iceweasel, psi, gajim, gaim and
many other). If ca-certificates not installed, all this programs (except
of mozilla) shows ssl warning. If ca-certificates installed all this
programs trust my server.
In any case, once you're sure the certificate is correctly installed and
trusted, please launch "claws-mail --debug> debug.log 2>&1"...
I don't think, that all log is interested.
I've substituted path to home and my imap server with $HOME and $SERVER
Folder $HOME/.claws-mail/certs doesn't exists.
...
[05:04:22] IMAP4> 1 STARTTLS
[05:04:22] IMAP4< 1 OK Begin TLS negotiation now
imap-thread.c:1174:imap starttls run - end 0
imap-thread.c:403:generic_cb
imap-thread.c:1217:imap starttls - end
ssl_certificate.c:433:didn't get $HOME/.claws-mail/certs/$SERVER.143.cert
ssl_certificate.c:571:got 142 certs in ca_list! 0xff8890ac
ssl_certificate.c:571:got 142 certs in ca_list! 0xff888edc
...
I've just reread warning, that claws shows, it's strange:
Unknown SSL Certificate
Certificate for equator.ru.net is unknown.
Do you want to accept it?
Signature status: Correct
View certificate
Owner
Name: equator.ru.net
Organization: <not in certificate>
Location: <not in certificate>
Signer
Name: CA Cert Signing Authority
Organization: Root CA
Location: <not in certificate>
Status
Fingerprint: MD5: <md5hash>
SHA1: <sha1hash>
Signature Status: Correct
Expires on: 11/03/18(Fri) 20:59
--
sergio.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org